package com.spj.shiro_mvc;


import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;
import org.springframework.stereotype.Component;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * @author :spj
 * @Date:2022/4/14
 * @description:
 */
@Component
public class JwtFilter extends BasicHttpAuthenticationFilter {
    @Override
    protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;
        httpServletResponse.setHeader("Access-control-Allow-Origin", httpServletRequest.getHeader("Origin"));
        httpServletResponse.setHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS,PUT,DELETE");
        httpServletResponse.setHeader("Access-Control-Allow-Headers", httpServletRequest.getHeader("Access-Control-Request-Headers"));
        // 跨域时会首先发送一个option请求，这里我们给option请求直接返回正常状态
//        if (httpServletRequest.getMethod().equals(RequestMethod.OPTIONS.name())) {
//            httpServletResponse.setStatus(HttpStatus.OK.value());
//            return false;
//        }
        return super.preHandle(request, response);
    }

    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
        //判断请求头有没有信息
        if (isLoginAttempt(request, response)) {
            try {
                //执行登录操作
                executeLogin(request, response);
            } catch (Exception e) {
                e.printStackTrace();
            }
        } else {
            // controller页面
            return false;
        }
        return true;
    }

    @Override
    protected boolean isLoginAttempt(ServletRequest request, ServletResponse response) {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        //从请求头中获取token信息，Authorization 就是自定义的key！
        String token = httpRequest.getHeader("Authorization");
        return token == null ? false : true;
    }

    @Override
    protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        //从请求头中获取token信息，Authorization 就是自定义的key！
        String token = httpRequest.getHeader("Authorization");
        Subject subject = getSubject(request, response);
        MyJWT myJwt = new MyJWT(token);
        try {
            subject.login(myJwt);
            //执行登录如果不报错，为true就放行
            return true;
        } catch (AuthenticationException e) {
            httpResponse.sendRedirect("/wrong");
            return false;
        }

    }

}
